Earlier this year, security researchers reported the use of legitimate security tools in multiple attacks against Ukrainian organizations, including government agencies, nonprofits, and tech companies.
According to a Microsoft report, the legitimate security tools used in those attacks included Impacket, a penetration testing tool.
The same tool emerged earlier this month in an attack by the Russian state-sponsored group Sandworm, which Ukraine’s Computer Emergency Response Team said was attempting to take down a major Ukrainian utility.
Now, the same security tool has been identified as the number one global threat among customers of Red Canary, a managed detection and response company.
Security tools for good and bad
Impacket is what Red Canary calls a “dual-use” tool. Enterprises use these tools for both IT administration and testing, said Lauren Podber, the company’s lead intelligence analyst.
Impacket can be used for…